Microsoft XDR Engineer

Description

Job Summary: We are seeking a Senior Microsoft XDR Engineer to technically lead the Extended Detection & Response platform, designing the next layer of defense against advanced threats. Key Highlights: 1. Technical Subject Matter Expert (SME) for Microsoft XDR on the team 2. Design and implement detection and response architectures 3. Lead technical response to advanced threats Do you live and breathe the Microsoft Defender ecosystem, and are you excited to design the next layer of defense against advanced threats? We are looking for a **Senior Microsoft XDR Engineer** to technically lead the Extended Detection \& Response platform, integrating Defender for Endpoint, Identity, Office 365, Cloud Apps, and Microsoft Sentinel into a Zero Trust-aligned security architecture. **What will be your challenge?** You will serve as the team’s technical Subject Matter Expert (SME) for Microsoft XDR, combining platform operations, detection engineering, and high-impact incident response: APTs, ransomware, and targeted phishing. **Responsibilities:** **XDR Platform Operations and Management** * Administer and optimize Microsoft Defender XDR (MDE, MDI, MDO, MDCA). * Manage data source integrations, connectors, and APIs within the Microsoft 365 Defender and Azure ecosystems. * Monitor alerts, triage incidents, and lead technical response to advanced threats. **Security Engineering and Architecture** * Design and implement detection and response architectures aligned with MITRE ATT\&CK and Zero Trust. * Participate in architectural reviews of new projects, ensuring compliance with security policies. **Collaboration and Technical Leadership** * Serve as the Microsoft XDR SME for the security team and business stakeholders. * Coordinate with IT, Cloud, Compliance, and Red Team to ensure comprehensive security coverage. **Education:** ============== * Degree in Engineering, Computer Science, Telecommunications, or related field (preferred). * Postgraduate degree or specialization in Cybersecurity (preferred). **Required Experience:** ==================================== * 3+ years in cybersecurity, including at least 2 years in SOC/XDR operations or engineering roles. * Proven experience administering Microsoft Defender XDR (MDE, MDI, MDO, MDCA). * Practical knowledge of MITRE ATT\&CK, NIST CSF, and Zero Trust architectures. * Experience in hybrid Microsoft environments: Azure AD / Entra ID, M365, and Azure. **Expected Technical Proficiency:** * Microsoft Defender for Endpoint (MDE): onboarding, advanced EDR, ASR, vulnerability management. * Microsoft Defender for Identity (MDI): lateral movement detection, pass\-the\-hash, Kerberoasting. * Microsoft Defender for Office 365 (MDO): anti\-phishing, Safe Links, advanced protection. * Microsoft Defender for Cloud Apps (MDCA): Shadow IT, DLP, session policies, and conditional access. * Networking: TCP/IP, DNS, proxies, firewalls, traffic analysis using Wireshark/Zeek. **Certifications that are a plus:** * SC\-200: Microsoft Security Operations Analyst. * AZ\-500: Microsoft Azure Security Technologies. * SC\-300: Microsoft Identity and Access Administrator. * CISSP / CISM / CEH / GIAC (GCIH, GCIA, GCFE). * Microsoft Certified: Security Expert (MCSE Security). * CompTIA Security\+ / CySA\+. **Work Mode: HYBRID (CABA \- Puerto Madero)